false positive on website

URL is hxxp://www.naebunny.net/~missylemur/?paged=20

This is my daughters blog. I host the site on my own servers. You can visit every page on her blog except that one.
Avast says its JS:ScriptPE-inf[Trj]

Her site has not been hacked, and you can view every other page in her blog with no problem, so not sure how there is a javascript trojan in there.
I can view this page on other systems with different AV software and there are no alarms.

Avast version is 8.0.1483
engine and virus definitions 13054-1

UPDATE. Found the “problem”. She had a link to http://trololololololololololo.com/ in a post… an old post at that. That was the problem. She removed that and no more alarm.

When posting URLs to suspect sites - Please ‘modify’ posts change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

In this case it looks like the IP address of that domain is blocked as there are more sites hosted on that IP address and some of those are infected. So it looks like this is an IP block rather than a domain name block on hXXp://trololololololololololo.com/.

Checks on that domain name come up clean other than the associated domains on that IP address.
http://zulu.zscaler.com/submission/show/a43f7f94602af943e91e0183e3e2bc42-1367753762
http://sitecheck.sucuri.net/results/trololololololololololo.com/
This is the one that indicates an association with that host.
http://urlquery.net/report.php?id=2334233

####
There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

  • If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review (network shield), etc. Though the URL you would be reporting isn’t your one but the hXXp://trololololololololololo.com/ domain. A link to this topic also wouldn’t hurt.
  • E:\Images\CapturedScreenPrint\contact_avast_form_fp_web.png

Site is no longer flagged, as avast! is known to react fast to cure FPs…

polonus

It no longer alerts on hxxp://www.naebunny.net/ because of the action the Op has taken by removing the link to the hXXp://trololololololololololo.com/ domain that avast was complaining about.

The hXXp://trololololololololololo.com/ domain is still blocked by the network shield.

Hi DavidR,

Thank you for that info and further precision, the flagged domain is quite a popular one: http://forums.digitalspy.co.uk/showthread.php?t=1226166Wasn’t this connected with the vid in which John Redwood did not know the words to the Welsh anthem: (Hen Wlad fy Nhadau - land of my fathers)
as thiswas taken as an offense to the Welsh…

polonus